CISSP seems very close to security+? Hmmmm?

beads · November 2013

teancum144 wrote: »

I respectfully disagree. It depends on how you value it. It is still a requirement for many jobs. In that case, the value is not being weeded out of the selection process. It still requires a certain level of knowledge across a broad array of security topics, which is valuable to ensure well-rounded security understanding (at least at some level). If not for the CISSP, I wouldn't be forced to study this breadth of information.

Again, I respectfully disagree. If they make it "much more difficult" that would unfairly socially promote those who already have it. As has been pointed out, its being a gold standard is a misperception. By more people obtaining their CISSP, that misperception is being corrected to reflect the reality of what it is. As a result, employers will have to better screen candidates (not a bad thing).

Perhaps the CISSP is becoming more common is not because its quality is declining, but because security has become so popular and therefore the CISSP (perceived as the gold standard) has become more popular.

Been here done that. Sorry, tech history is on my side. Seeing junior level positions "requiring" the CISSP with 2-3 years of experience. Security experience or not - just doesn't bode well but you keep that optimism up. Whenever there is a demand the best will fill those positions early. The rest will be slowly filled by those less capable - hardly unique to IT or IT Security. Happens in any "hot" field.

- B Eads

redz · November 2013

teancum144 wrote: »

I respectfully disagree. It depends on how you value it. It is still a requirement for many jobs. In that case, the value is not being weeded out of the selection process. It still requires a certain level of knowledge across a broad array of security topics, which is valuable to ensure well-rounded security understanding (at least at some level). If not for the CISSP, I wouldn't be forced to study this breadth of information.
(...)
Perhaps the CISSP is becoming more common is not because its quality is declining, but because security has become so popular and therefore the CISSP (perceived as the gold standard) has become more popular.

The quality of the certification isn't declining. The vetting process has always been inadequate. The value of the certification is unarguably declining. It still has phenomenal ROI, and will continue to in the near- and medium- terms.

It doesn't depend on how "you" value it; it depends on the market rate for a CISSP. As I said before, the CISSP doesn't get you a job or more money. It does, however, set certain levels of expectation. Those expectations are not $60,000 per annum, which are more and more commonly "requiring" CISSP credentials. (Side note: I saw an entry level position with a desired ISSEP the other day: IT Systems Administrator and Entry Level Security Consultant - PSC, Inc. - Campbell, CA | dice.com - 11-5-2013)

Either way, I'm still going to learn, grow, and get better faster.

DoubleNNs · November 2013

Even tho the title says "Entry Level" in it, the description doesn't seem very Entry Level at all.

Edit: Or I guess the requirements are more geared towards experienced and well versed Linux Admins who want to break into Security, so it is an entry security position.

kalkan999 · November 2013

It's all about the Resume with the certs, ladies and gentlemen. My phone rings OFF the hook. As I live here in Orlando, Disney and Universal ask me to come and work for them ALL THE TIME, but never want to pay. But they are not as bad as Jet Blue. Yes, JetBlue, I am personally calling you out for wanting the sun, moon, stars, sky, CISSP, @ $48,000 a year, with exempt status (meaning they can work you overtime without paying you for it.)
City and state government jobs pay around 80-90K plus really good benefits. Personally, I prefer being a contractor, if only to increase my exposure to the latest in vendor hardware/software/firmware. I like listening in on their sales pitches, and cornering them on the Total Cost of Ownership (TCO) claims. Fun.

dijital1 · November 2013

Passed the CAP a couple of hours ago. Much easier than the ISSEP but then again, I likened the ISSEP to what childbirth must feel like.

redz · November 2013

Congrats, pimp! That's good to hear!

Have you met your goal of $1,000 per year in AMFs yet?

dijital1 · November 2013

redz wrote: »

Congrats, pimp! That's good to hear!

Have you met your goal of $1,000 per year in AMFs yet?

Haha. It's getting up there for sure. The AMFs for the current set cost $570. It'll be another $195 for the CAP. Starting to get expensive...

beads · November 2013

Dijital1;

Well, I know finding a good pimp shop can be difficult there are still a few good ones left in Chicago, that is, when you want to complete that next smashing outfit. Look me up we can go shopping a couple miles away for some new peacock feathered hats.

- B Eads

dijital1 · November 2013

Do they have purple?

redz · November 2013

Beadsy actually took me out there to get my diamond-tipped cane.

They have purple velvet everything.

LOVE IT.

beads · November 2013

Canary is very fashionable this time a year from what I have seen on Sundays in the area. A splash of leopard print on purple and your stylin'.

- B Eads

GoodBishop · November 2013

Next time you guys go out, Beads and redz, lemme know, as I'm in the Windy City myself.

beads · November 2013

GoodBishop;

We'll just take the Red line from Evanston down to what is it now 71st? Any stop along the way is likely to provide any number of delightful treat from "deep fried cultural cuisine" ("Chen's Chicken" to Pimp shops along the way. Sounds like something I would have done in college... If we had a subway in Marquette, Michigan.

- B Eads

Humbe · November 2013

At this rate they will be paying us 35 - 40k a year because the CISSP will be the next "A+".

Oh well...

dijital1 · November 2013

Humbe wrote: »

At this rate they will be paying us 35 - 40k a year because the CISSP will be the next "A+".

Oh well...

You're joking right?

redz · November 2013

I don't really see myself competing with many new-car-smell CISSP's in the near future. We're already graduating 600,000,000 new "infosec is so hot right now" cyber-baccalaureates per year... Personally? I welcome the competition.

EDIT: I haven't even had my CISSP for a whole year yet, please don't take offense to my tongue in cheek manner of speaking about this. Some people get so sensitive on here.

Humbe · November 2013

redz wrote: »

I haven't even had my CISSP for a whole year yet, please don't take offense to my tongue in cheek manner of speaking about this. Some people get so sensitive on here.

Lol... If you are going to start the battle call out names!

colemic · November 2013

Humbe wrote: »

At this rate they will be paying us 35 - 40k a year because the CISSP will be the next "A+".

Oh well...

That's a bit of a stretch, don't you think? The cert is still solid. It has managed to maintain value far better than Microsoft certs (IMO). At the end of the day, even if EVERYONE gets this cert, it still shows that they put effort into it, and should a basic, fundamental knowledge of security principles and how to tie those into business, which at the end of the day, is all the cert is intended to be. Some people place a lot of weight in it, and that's fine, and some don't, and that's ok too. That said I agree that ISC2 could do better on the verifications, as stated earlier.

beads · November 2013

colemic wrote: »

That's a bit of a stretch, don't you think? The cert is still solid. It has managed to maintain value far better than Microsoft certs (IMO). At the end of the day, even if EVERYONE gets this cert, it still shows that they put effort into it, and should a basic, fundamental knowledge of security principles and how to tie those into business, which at the end of the day, is all the cert is intended to be. Some people place a lot of weight in it, and that's fine, and some don't, and that's ok too. That said I agree that ISC2 could do better on the verifications, as stated earlier.

Hit the nail on the head there, colemic: "basic, fundamental knowledge of security principals..." The exam is very basic; very broad; and still an inch deep. Very much a journeyman level exam. Perhaps the (ISC)2 should investigate combining the three concentrations into one Master level certification.

- B Eads

Humbe · November 2013

colemic wrote: »

That's a bit of a stretch, don't you think? The cert is still solid. It has managed to maintain value far better than Microsoft certs (IMO). At the end of the day, even if EVERYONE gets this cert, it still shows that they put effort into it, and should a basic, fundamental knowledge of security principles and how to tie those into business, which at the end of the day, is all the cert is intended to be. Some people place a lot of weight in it, and that's fine, and some don't, and that's ok too. That said I agree that ISC2 could do better on the verifications, as stated earlier.

I truly believe the cert will go from a well respected cert to one of those regular certs to have. Eventually, ISC2 will have to come up with something else.

redz · November 2013

beads wrote: »

combining the three concentrations into one Master level certification.

If it exists, it is Security, and it is prestigious, I have to try it. This I do not want to try... But I will if they make it...

Humbe wrote: »

Eventually, ISC2 will have to come up with something else.

If you focus real hard you might be able to find something they've come up with. Just concentrate on it for a while.

Humbe · November 2013

redz wrote: »

If you focus real hard you might be able to find something they've come up with. Just concentrate on it for a while.

Too early to be doing such thing!

beads · November 2013

Too early? Yes. An eventuality of certification inflation? Double yes. Its happened in the past many times but we've publicly referred to such as "maturing".

- B Eads

kalkan999 · December 2013

I took the Security + exam again on a bet with a friend of mine who told me I was getting too soft on the technical, insisting that the test I took in 2004 that grandfathered me in was much tougher now. Knocked it out of the park without missing a bit of sleep the night before, with no studying (per my agreement with him) and was out of that testing center in 40 minutes!
Proof that A: I still have it, and B: my advice to people getting into security from IT is still solid that they should take the Security + first, then gain experience, then test for CISSP.
Now I am also one bottle of Crown Royal richer than before, AND he paid for the test.

j.petrov · December 2013

kalkan999 wrote: »

Now I am also one bottle of Crown Royal richer than before, AND he paid for the test.

LarryDaMan · December 2013

kalkan999 wrote: »

I took the Security + exam again on a bet with a friend of mine who told me I was getting too soft on the technical

Congrats I guess? But, I can't remember which part of Security+ was technical.

kalkan999 · December 2013

Port numbers, length of cable before degradation, not much else. Essentially the Network + stuff with a twist of Security +.

jvrlopez · December 2013

Got moved into a new shop with a few other new hires and we were all told that everyone in the office will need CISSP within 6 months lol. All of us, even the worker bees.

Compared to 5 years ago, I'm hearing a lot more about people studying for it and being required to get it.

Humbe · December 2013

jvrlopez wrote: »

Got moved into a new shop with a few other new hires and we were all told that everyone in the office will need CISSP within 6 months lol. All of us, even the worker bees.

Compared to 5 years ago, I'm hearing a lot more about people studying for it and being required to get it.

Wow... Let me guess what happens if you don't get it within 6 months....

Some Management just don't understand this certification. Otherwise, they wouldn't be putting people in this situation.

j.petrov · December 2013

jvrlopez wrote: »

Got moved into a new shop with a few other new hires and we were all told that everyone in the office will need CISSP within 6 months lol. All of us, even the worker bees.

Compared to 5 years ago, I'm hearing a lot more about people studying for it and being required to get it.

I'm in a similar situation. My new job wants me to get certified, and will pay for the exam fee upon passing as well as give me a raise. This cert really wasn't on my short term radar yet. Before taking this job, I was thinking of looking into this cert around this time next year. I don't have the experience yet, but can't say no to a raise… So I have been studying for two and a half months and have scheduled to take the exam on the 18th.

Its become too common for companies to ask for a CISSP with 2-3 years experience, which isn't even possible. Its a household name and everyone is jumping on the bandwagon. They don't even know what is involved in getting this cert.

CISSP seems very close to security+? Hmmmm?

Comments